id: vsftpd-detection info: name: VSFTPD v2.3.4 Backdoor Command Execution author: pussycat0x severity: critical tags: network,vsftpd,ftp,backdoor reference: https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor/ network: - inputs: - data: "USER anonymous\r\nPASS pussycat0x\r\n" host: - "{{Host}}:21" - "{{Hostname}}" matchers: - type: word words: - "vsFTPd 2.3.4"